package com.mh.controller;


import com.mh.common.ResponseResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {

    @RequestMapping("/hello")
    //@PreAuthorize注解: 用于在方法调用前进行权限校验 ↔ @PostAuthorize 方法执行后校验
    //hasAuthority('test'): 确保只有具有指定权限(test)的用户才能调用该方法
    @PreAuthorize("hasAuthority('system:user:list')")
    public String hello() {
        return "有用户管理(system:user:list)权限";
    }

    @RequestMapping("/ok")
    @PreAuthorize("hasAuthority('system:role:list')")
    public String ok() {
        return "有角色管理(system:role:list)权限";
    }

    @RequestMapping("/testCors")
    public ResponseResult testCors() {
        return new ResponseResult(200,"OK Cors");
    }

    @RequestMapping("/myExTest")
    //调用自定义的权限校验方法
    @PreAuthorize("@myEx.myHasAuthority('system:menu:list')")
    public String myExTest() {
        return "有菜单管理(system:menu:list)权限,来自自定义的权限校验";
    }

    //访问条件: 1.角色:common ; 2.权限: user 或 role(任意一个即可)
    @RequestMapping("/doubleCheck")
    @PreAuthorize("hasRole('common') and hasAnyAuthority('system:user:list','system:role:list')")
    public String doubleCheck() {
        return "拥有角色:common 并且 拥有权限:user或role";
    }
}
